hillcrestpress.weprnt4u.com Open in urlscan Pro
198.235.134.66  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.htm Show response hillcrestpress.weprnt4u.com/bn/bnz/home/	37 KB 38 KB	425ms 101ms	Document text/html	198.235.134.66 Intelligent Techn...
General Check archive.org Show headers Download Go to Full URL https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.235.134.66 , United States, ASN54611 (ITSYOURIT - Intelligent Technology Solutions, Inc., US), Reverse DNS web01.remly.com Software Apache / Resource Hash 01bd6a45f4abede766aa31da039b9f30da9652713229f9c2b35eb2fa6199bb48 Request headers Host hillcrestpress.weprnt4u.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 04 Jul 2019 13:03:04 GMT Server Apache Last-Modified Fri, 28 Sep 2018 02:16:30 GMT Accept-Ranges bytes Content-Length 38295 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	ot-min.js Show response execution-use.ci360.sas.com/js/	226 KB 62 KB	809ms 114ms	Script application/javascript	34.199.225.6 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://execution-use.ci360.sas.com/js/ot-min.js Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.199.225.6 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-199-225-6.compute-1.amazonaws.com Software / Resource Hash 980e0a8ca74cdf527b4140b344ea720bbbef66b0d438c3ab1bd41282e097ec8b Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 04 Jul 2019 13:03:04 GMT Content-Encoding gzip Last-Modified Tue, 02 Jul 2019 09:29:32 GMT ETag W/"231122-1562059772000" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=1800, no-cache="set-cookie" transfer-encoding chunked Connection keep-alive Accept-Ranges bytes Expires Thu, 04 Jul 2019 13:33:05 GMT
GET H/1.1	200 OK	1538081719195 Show response execution-use.ci360.sas.com/t/s/c/c0b52ff90d000139628464bd/	36 KB 7 KB	811ms 114ms	Script application/javascript	34.199.225.6 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://execution-use.ci360.sas.com/t/s/c/c0b52ff90d000139628464bd/1538081719195?version=1.1.0&domain=secure.bnz.co.nz&vid=15f6342a75f049563bea34bb&sid=6ea48883065f68392b4c718c&hb=3820&p=%2Fauth%2Fsso-login&params=resume%3D%252Fpingfederate%252Fas%252FIbtB1%252Fresume%252Fas%252Fauthorization.ping%26spentity%3Dnull&page_title=BNZ%20Login&referrer=https%3A%2F%2Fwww.bnz.co.nz%2F&uri=https%3A%2F%2Fsecure.bnz.co.nz%2Fauth%2Fsso-login%3Fresume%3D%252Fpingfederate%252Fas%252FIbtB1%252Fresume%252Fas%252Fauthorization.ping%26spentity%3Dnull&requestedfile=%2Fauth%2Fsso-login&cts=1538081719195&tzo=-60&platform=Win32&port=&protocol=https&flash_enabled=false&flash_version=&java_enabled=false&java_version=&screen_info=1366x768@24&browser_language=en-US&character_set=UTF-8&csz=2889&bsz=1366x657&tab_id=554087139741 Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.199.225.6 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-199-225-6.compute-1.amazonaws.com Software / Resource Hash 22f39db53acd71a4cbcab5efaf2a4847b8ebc11694f8e28b35c49e99b7346e13 Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 04 Jul 2019 13:03:05 GMT Content-Encoding gzip Cache-Control no-cache, no-cache="set-cookie" Content-Length 6559 Vary Accept-Encoding Connection keep-alive Content-Type application/javascript;charset=UTF-8
GET H/1.1	200 OK	c0b52ff90d000139628464bd Show response execution-use.ci360.sas.com/t/s/p/	87 B 472 B	805ms 115ms	Script application/javascript	34.199.225.6 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://execution-use.ci360.sas.com/t/s/p/c0b52ff90d000139628464bd?version=1.1.0&domain=secure.bnz.co.nz&p=%2Fauth%2Fsso-login&params=resume%3D%252Fpingfederate%252Fas%252FIbtB1%252Fresume%252Fas%252Fauthorization.ping%26spentity%3Dnull&page_title=BNZ%20Login&referrer=https%3A%2F%2Fwww.bnz.co.nz%2F&uri=https%3A%2F%2Fsecure.bnz.co.nz%2Fauth%2Fsso-login%3Fresume%3D%252Fpingfederate%252Fas%252FIbtB1%252Fresume%252Fas%252Fauthorization.ping%26spentity%3Dnull&requestedfile=%2Fauth%2Fsso-login&platform=Win32&port=&protocol=https&browser_language=en-US&character_set=UTF-8 Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.199.225.6 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-199-225-6.compute-1.amazonaws.com Software / Resource Hash 01e02a02093340071d1364f08f71d9f2c62e272ba902bbc4a01bc505f693fc1e Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 04 Jul 2019 13:03:05 GMT Cache-Control max-age=1800, no-cache="set-cookie" Connection keep-alive Content-Length 87 Content-Type application/javascript;charset=UTF-8
GET H2	200	serrano.css www.bnz.co.nz/serrano/	2 KB 895 B	392ms 20ms	Stylesheet text/css	45.60.78.175 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://www.bnz.co.nz/serrano/serrano.css Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.78.175 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Thu, 04 Jul 2019 13:03:04 GMT content-encoding gzip last-modified Sun, 23 Jun 2019 23:51:25 GMT x-cdn Incapsula etag "976-gzip" strict-transport-security max-age=31536000 content-type text/css status 200 x-iinfo 11-18517472-0 0CNN RT(1562245384863 0) q(0 -1 -1 0) r(0 -1) cache-control max-age=1735977, public content-length 472 expires Wed, 24 Jul 2019 15:16:01 GMT
GET H2	200	logout.png m.bnz.co.nz/pa/oidc/	70 B 578 B	2058ms 1760ms	Image image/png	45.60.78.175 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://m.bnz.co.nz/pa/oidc/logout.png?433.73109638074595 Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.78.175 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash dc5687b50f70cb95379bfced5a0eae768dd4382cd6b393ee77d65bbdd6373fbf Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options DENY Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000 x-cdn Incapsula x-frame-options DENY p3p CP="CAO PSA OUR" status 200 x-iinfo 11-18517477-18517478 NNNN CT(291 1166 0) RT(1562245384886 0) q(0 0 15 0) r(18 18) U2 cache-control private,no-cache,no-store content-type image/png content-length 70 expires 0
GET H2	200	logout.png www.bnz.co.nz/pa/oidc/	70 B 651 B	2038ms 1763ms	Image image/png	45.60.78.175 Incapsula Inc
General Check archive.org Show headers Download Go to Show image Full URL https://www.bnz.co.nz/pa/oidc/logout.png?78.29666129496738 Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.78.175 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash dc5687b50f70cb95379bfced5a0eae768dd4382cd6b393ee77d65bbdd6373fbf Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options DENY Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000 x-cdn Incapsula x-frame-options DENY p3p CP="CAO PSA OUR" status 200 x-iinfo 11-18517473-18517474 NNNN CT(285 1172 0) RT(1562245384866 0) q(0 0 15 0) r(18 18) U2 cache-control private,no-cache,no-store content-type image/png content-length 70 expires 0
GET H/1.1	200 OK	c0b52ff90d000139628464bd Show response execution-use.ci360.sas.com/t/s/s/	11 KB 5 KB	725ms 116ms	Script application/javascript	34.199.225.6 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://execution-use.ci360.sas.com/t/s/s/c0b52ff90d000139628464bd Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.199.225.6 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-199-225-6.compute-1.amazonaws.com Software / Resource Hash 8bfa55eea9a878e9e52ea36b1467776d364b2c0b07f2403893ee72ba65ae104b Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 04 Jul 2019 13:03:05 GMT Content-Encoding gzip transfer-encoding chunked Cache-control no-cache="set-cookie" Vary Accept-Encoding Connection keep-alive Content-Type application/javascript;charset=ISO-8859-1
GET H/1.1	404 Not Found	main.a88c18e8.js hillcrestpress.weprnt4u.com/auth/static/js/	0 0	101ms 100ms	Script text/html	198.235.134.66 Intelligent Techn...
General Check archive.org Show headers Download Go to Full URL https://hillcrestpress.weprnt4u.com/auth/static/js/main.a88c18e8.js Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.235.134.66 , United States, ASN54611 (ITSYOURIT - Intelligent Technology Solutions, Inc., US), Reverse DNS web01.remly.com Software Apache / Resource Hash Request headers Referer https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 04 Jul 2019 13:03:04 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 348 Content-Type text/html; charset=iso-8859-1
GET H2	200	SerranoWeb-Bold.woff2 www.bnz.co.nz/serrano/fonts/	21 KB 21 KB	79ms 26ms	Font application/font-woff2	45.60.78.175 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065 Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.78.175 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash 00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://www.bnz.co.nz/serrano/serrano.css Origin https://hillcrestpress.weprnt4u.com Response headers date Thu, 04 Jul 2019 13:03:04 GMT last-modified Mon, 01 Jul 2019 03:02:17 GMT x-cdn Incapsula access-control-allow-origin * etag "5234" strict-transport-security max-age=31536000 content-type application/font-woff2 status 200 x-iinfo 5-28995352-0 0CNN RT(1562245384949 0) q(0 -1 -1 1) r(0 -1) cache-control max-age=31373224, public content-length 21044 expires Wed, 01 Jul 2020 15:50:08 GMT
GET H2	200	SerranoWeb-Regular.woff2 www.bnz.co.nz/serrano/fonts/	19 KB 19 KB	95ms 43ms	Font application/font-woff2	45.60.78.175 Incapsula Inc
General Check archive.org Show headers Download Go to Full URL https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Regular.woff2?v=5b6826770c Requested by Host: hillcrestpress.weprnt4u.com URL: https://hillcrestpress.weprnt4u.com/bn/bnz/home/index.htm Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.78.175 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US), Reverse DNS Software / Resource Hash 9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://www.bnz.co.nz/serrano/serrano.css Origin https://hillcrestpress.weprnt4u.com Response headers date Thu, 04 Jul 2019 13:03:04 GMT last-modified Mon, 01 Jul 2019 03:02:17 GMT x-cdn Incapsula access-control-allow-origin * etag "4b2c" strict-transport-security max-age=31536000 content-type application/font-woff2 status 200 x-iinfo 5-28995353-0 0CNN RT(1562245384953 0) q(0 -1 -1 0) r(0 -1) cache-control max-age=31373224, public content-length 19244 expires Wed, 01 Jul 2020 15:50:08 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask boolean| isUnsupportedBrowser object| OLA_DOMAINS function| C3MM object| com_sas_ci_acs string| expires function| e9xx function| N9xx object| c3 object| Hashcode object| GeneralBase64 object| Base64 object| spotMap object| dataTagToEventMap function| windowFocused function| windowBlured function| LocalQueue object| CryptoJS function| getDecisionParams function| extractValue function| handleInjectResponse function| loadDoc function| overridePrototypes function| onYouTubeIframeAPIReady function| onYouTubePlayerReady

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

execution-use.ci360.sas.com
hillcrestpress.weprnt4u.com
m.bnz.co.nz
www.bnz.co.nz
198.235.134.66
34.199.225.6
45.60.78.175
00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11
01bd6a45f4abede766aa31da039b9f30da9652713229f9c2b35eb2fa6199bb48
01e02a02093340071d1364f08f71d9f2c62e272ba902bbc4a01bc505f693fc1e
22f39db53acd71a4cbcab5efaf2a4847b8ebc11694f8e28b35c49e99b7346e13
8bfa55eea9a878e9e52ea36b1467776d364b2c0b07f2403893ee72ba65ae104b
980e0a8ca74cdf527b4140b344ea720bbbef66b0d438c3ab1bd41282e097ec8b
9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c
dc5687b50f70cb95379bfced5a0eae768dd4382cd6b393ee77d65bbdd6373fbf
f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659